Forward Secrecy: How to Secure SSL from Attacks by Government Agencies
|
|
- Marshall McKenzie
- 8 years ago
- Views:
Transcription
1 Forward Secrecy: How to Secure SSL from Attacks by Government Agencies Dave Corbett Technical Product Manager Implementing Forward Secrecy 1
2 Agenda Part 1: Introduction Why is Forward Secrecy important? Technology Overview RSA Algorithm Diffie-Hellman Performance Impact Increasing adoption of Forward Secrecy Part 2: Deep Dive RSA Algorithm Diffie-Hellman Elliptic Curve Cryptography (ECC) Implementing Forward Secrecy 2
3 What s the problem? 3
4 Why is Forward Secrecy important? Using typical HTTPS implementations based on RSA, an adversary could record encrypted data and decrypt it later if they gain access to the relevant private key(s) Using Forward Secrecy this approach is impossible 4
5 Review of SSL/TLS FUNCTION Authentication Key Exchange/Agreement Encryption Algorithm Hashing Algorithm Examples RSA DSA RSA Diffie-Hellman RC4 AES MD5 SHA-1 5
6 RSA is the problem Ron Rivest, Adi Shamir, and Len Adleman released the Rivest- Shamir-Adleman (RSA) public key algorithm in This algorithm can be used for encrypting and signing data. The encryption and signing processes are performed through a series of modular multiplications. 6
7 SSL Handshake Process RSA Browser requests web server identity Client Hello Challenge string Server Supported sends cipher a copy suites of its SSL certificate Server Hello Certificate (includes public key) Browser Confirmed checks cipher the suite SSL certificate and sends encrypted session key Master Key Encrypted with server public key Server sends an acknowledgement Server Verify Encrypted challenge string Encrypted Data SYMANTEC VISION
8 RSA key exchange During the SSL handshake, the client receives the server s certificate This includes the server s public key Using RSA, the HTTPS session key is encrypted by the client using the server s public key and sent to the server across the network The server decrypts the session key using the corresponding private key RSA is vulnerable if the private key is discovered 8
9 Diffie-Hellman is the Solution The Diffie-Hellman algorithm was invented in 1976 by Whitfield Diffie and Martin Hellman (US patent 4,200,770). The Diffie-Hellman algorithm is not for encryption or decryption but it enables two parties who are involved in communication to generate a shared secret key for exchanging information confidentially. They can do this even when an eavesdropper listens in on their entire conversation. Whitfield 'Whit' Diffie Martin Hellman 9
10 SSL Handshake Process Diffie-Hellman Browser requests web server identity Client Hello Challenge string Server Supported sends cipher a copy suites of its SSL certificate Server Hello Certificate Browser Confirmed checks cipher the suite SSL certificate and Server key sends info confirmation Key Agreement Client key info Server sends an acknowledgement Server Verify Encrypted challenge string Encrypted Data SYMANTEC VISION
11 Diffie-Hellman key agreement Using Diffie-Hellman key agreement, client and server agree a session key without ever sending the key across the network Diffie-Hellman can be used to enable Forward Secrecy 11
12 What is Perfect Forward Secrecy? Forward Secrecy uses Diffie-Hellman to generate a key for each session Perfect Forward Secrecy enhances Forward Secrecy by continuously changing the key material during each session generating a new key for each message of a conversation 12
13 Where is Forward Secrecy Implemented? As of January 2014, 5% of TLS-enabled websites are configured to use cipher suites that provide forward secrecy to web browsers* * SSL Pulse (January 03, 2014) 13
14 Are You Using Forward Secrecy? Let s See 14
15 Are You Using Forward Secrecy? 15
16 Implementing Forward Secrecy Or can you? 16
17 How do you implement Forward Secrecy? Diffie-Hellman Key Exchange (DHE) has a significant CPU overhead compared to RSA Elliptic Curve Diffie- Hellman (ECDHE) has minimal CPU overhead compared to RSA Source: Bernat 17
18 Elliptic Curve Cryptography Overview ECC 1 Stronger Encryption 2 Efficient Performance 3 Highly Scalable 4 Future of Crypto Tech Shorter key than RSA 256-bit ECC = 3072-bit RSA 10k times harder to crack than RSA 2048 Meets NIST recommendations Efficiency increases with higher server loads Utilizes less server CPU PC s: Faster page load time Ideal for mobile devices Large SSL deployments w/out additional hardware Securing the enterprise: Use fewer resources Lower costs Viable for many years Built for Internet of Things Supports billions of new devices coming online Ideal for Open Networks Truly future proof trust infrastructure in place 18
19 Implementing Forward Secrecy Source: Huang, Adhikarla, Boneh, Jackson 19
20 Implementing Forward Secrecy Source: Huang, Adhikarla, Boneh, Jackson 20
21 Implementing Forward Secrecy Use Diffie-Hellman key agreement for Forward Secrecy Use Elliptic Curve Cryptography for Performance ECC 21
22 Technical Overview What is the RSA Algorithm? What is Diffie-Hellman? What is Elliptic Curve Cryptography (ECC)? 23
23 RSA key exchange During the SSL handshake, the client receives the server s certificate This includes the server s public key Using RSA, the HTTPS session key is encrypted by the client using the server s public key and sent to the server across the network The server decrypts the session key using the corresponding private key RSA is vulnerable if the private key is discovered 24
24 RSA Encryption & Decryption Example Public key: n=33 e=3 Formula: y=x e mod n Encryption using public key Plaintext Binary plaintext we attack at dawn Groups of 5 bits Decimal plaintext (x) x 3 Decimal ciphertext y = x 3 mod Binary ciphertext Ciphertext org^zplvnwk>?@qd 25
25 RSA Encryption & Decryption Example Decryption using private key Ciphertext Private key: n=33 d=7 Formula: x=y d mod n org^zplvnwk>?@qd Binary ciphertext Decimal ciphertext y y 7 Decimal plaintext x = y 7 mod 33 Groups of 5 bits Binary plaintext Plaintext we attack at dawn 26
26 RSA Encryption & Decryption Exercise Choose a number 1 < x < 33 Encrypt x with RSA using the public key n=33, e=13 Decrypt the encrypted number using the private key n=33, d=17 Check if the decrypted number equals the original number Encryption Decryption y=x e mod n x=y d mod n Modular Arithmetic (MOD Operation) Modular arithmetic is related to that of the remainder in division. The operation of finding the remainder is sometimes referred to as the modulo operation, for example 14 (mod 12) = 2. 27
27 Why is RSA Secure? e p x q = n Large prime numbers Public Key Private Key d = Function of p q e Hard Problem: To calculate d from n & e, you must find the prime factors of n What are the prime factors of 6499? What is 67 x 97? 28
28 How secure is RSA? Asymmetric Key Length Key Space Equivalent Symmetric Key Length 768 bits bits 1024 bits bits 2048 bits bits 3072 bits bits 29
29 Diffie-Hellman key agreement Using Diffie-Hellman key agreement, client and server agree a session key without ever sending the key across the network Diffie-Hellman can be used to enable Forward Secrecy 30
30 Diffie-Hellman Key Exchange Algorithm Example Formula y = g x mod n Public Parameters Prime modulus: n=31 Primitive element: g=3 A Random value a=8 A = g a mod n = 3 8 mod 31 = 20 Random value b=6 B = g b mod n = 3 6 mod 31 = 16 B B=16 A=20 S = B a mod n = 16 8 mod 31 = 4 Shared Secret Key (S) is the same g ab mod n = g ba mod n S = A b mod n = 20 6 mod 31 = 4 31
31 Diffie-Hellman Key Exchange Exercise Choose a number 1 < x < 20 Encrypt x with Diffie-Hellman using the public parameters n=31, g=3 Exchange the encrypted number y with your neighbour Calculate the shared key (S) using your neighbour s encrypted number (y) and your number (x) Check with your neighbour if your values for S are the same Encryption Shared Key y=g x mod n S=y x mod n Modular Arithmetic (MOD Operation) Modular arithmetic is related to that of the remainder in division. The operation of finding the remainder is sometimes referred to as the modulo operation, for example 14 (mod 12) = 2. 32
32 TLS 1.2 Key Exchange Mechanisms RFC 5246 Mechanism Method Server public key RSA RSA RSA RSA DH_RSA Diffie-Hellman Diffie-Hellman RSA DH_DSS Diffie-Hellman Diffie-Hellman DSA DHE_RSA Ephemeral Diffie-Hellman RSA Any DHE_DSS Ephemeral Diffie-Hellman DSA Any Certificate signature DH_anon Diffie-Hellman None None Forward Secrecy 33
33 Elliptic Curves An elliptic curve is a plane curve defined by an equation of the form: y 2 x 3 ax b Examples: 34
34 Elliptic Curve Cryptography (ECC) Adding 2 points on a curve produces another point on the curve Adding a point to itself produces another point on the curve If we add a point P to itself d times we end up with Q, another point on the curve Digital Privacy: AOSSL & PFS SYMANTEC VISION
35 Elliptic Curve Cryptography (ECC) Elliptic curves can be used to construct a public key cryptography system The private key d is randomly selected from [1,n-1], where n is integer Then the public key Q is computed by dp, where P,Q are points on the elliptic curve Like the conventional cryptosystems, once the key pair (d, Q) is generated, a variety of cryptosystems such as signature, encryption/decryption and key management can be set up 36
36 Recommended Key Sizes Symmetric Key Size (bits) RSA and Diffie- Hellman Key Size (bits) Elliptic Curve Key Size (bits)
37 Elliptic Curve Diffie-Hellman Example Alice and Bob make a key agreement over the following prime, curve, and point: p=3851, E:y 2 =x x+1287, P=(920,303) E(F 3851 ) Alice chooses the private key d A =1194, computes Q A =1194P=(2067,2178) E(F 3851 ), and sends it to Bob Bob chooses the private key d B =1759, computes Q B =1759P=(3684,3125) E(F 3851 ), and sends it to Alice Alice computes d A Q B =1194(3684,3125)=(3347,1242) E(F 3851 ) Bob computes d B Q A =1759(2067,2178)=(3347,1242) E(F 3851 ) 38
38 ECC Key Exchange Mechanisms RFC 4492 Mechanism Method Server public key Certificate signature ECDH_RSA ECDH_ECDSA ECDHE_RSA ECDHE_ECDSA ECDH_anon Elliptic Curve Diffie- Hellman Elliptic Curve Diffie- Hellman Ephemeral Elliptic Curve Diffie-Hellman Ephemeral Elliptic Curve Diffie-Hellman Ephemeral Elliptic Curve Diffie-Hellman Elliptic Curve Diffie-Hellman Elliptic Curve Diffie-Hellman RSA ECDSA None RSA ECDSA Any Any None Forward Secrecy ECC Certificate 39
39 ECC Certificate Example Key Exchange Using ECDHE_ECDSA 40
40 Summary Implementing Forward Secrecy Put ECDHE and DHE methods at top of server priority list Install ECDSA certificates Mechanism Method Certificate Performance DHE_RSA Ephemeral Diffie-Hellman RSA DHE_DSS Ephemeral Diffie-Hellman DSA ECDHE_RSA ECDHE_ECDSA Ephemeral Elliptic Curve Diffie-Hellman Ephemeral Elliptic Curve Diffie-Hellman RSA ECDSA * * ** *** 41
41 Use Symantec ECC Certificates to enable Forward Secrecy An ECC certificate is included at no additional cost with all Symantec Premium SSL certificates Symantec s ECC certificate roots have been in place for over five years: You can be confident that your ECC certificate will work throughout your ecosystem 42
42 Useful References Diffie Hellman Key Agreement Method RSA: A Method for Obtaining Digital Signatures and Public-Key Cryptosystems" Communications of the ACM 21 (2): RFC4492 Elliptic Curve Cryptography (ECC) Cipher Suites for Transport Layer Security (TLS) FIPS Digital Signature Standard (DSS) 43
43 Useful Links Forward Secrecy at Twitter: SSL Labs: Deploying Forward Secrecy: ssl-labs-deploying-forward-secrecy Symantec DSA / ECC FAQ: ocale=en_us&searchid= A (relatively easy to understand) primer on elliptic curve cryptography: 44
44 A Final Note. Public key cryptography was first discovered by American geeks. Right? Wrong. The Open Secret: rypto_pr.html The Alternative History of Public-Key Cryptography: Clifford Cocks & James Ellis:
45 Thank you! YOUR FEEDBACK IS VALUABLE TO US! Please take a few minutes to fill out the short session survey available on the mobile app the survey will be available shortly after the session ends. Watch for and complete the more extensive post-event survey that will arrive via a few days after the conference. To download the app, go to or search for Vision 2014 in the itunes or Android stores. 46
Secure Network Communication Part II II Public Key Cryptography. Public Key Cryptography
Kommunikationssysteme (KSy) - Block 8 Secure Network Communication Part II II Public Key Cryptography Dr. Andreas Steffen 2000-2001 A. Steffen, 28.03.2001, KSy_RSA.ppt 1 Secure Key Distribution Problem
More informationThe Mathematics of the RSA Public-Key Cryptosystem
The Mathematics of the RSA Public-Key Cryptosystem Burt Kaliski RSA Laboratories ABOUT THE AUTHOR: Dr Burt Kaliski is a computer scientist whose involvement with the security industry has been through
More informationOverview of Public-Key Cryptography
CS 361S Overview of Public-Key Cryptography Vitaly Shmatikov slide 1 Reading Assignment Kaufman 6.1-6 slide 2 Public-Key Cryptography public key public key? private key Alice Bob Given: Everybody knows
More informationLukasz Pater CMMS Administrator and Developer
Lukasz Pater CMMS Administrator and Developer EDMS 1373428 Agenda Introduction Why do we need asymmetric ciphers? One-way functions RSA Cipher Message Integrity Examples Secure Socket Layer Single Sign
More informationPublic Key Cryptography Overview
Ch.20 Public-Key Cryptography and Message Authentication I will talk about it later in this class Final: Wen (5/13) 1630-1830 HOLM 248» give you a sample exam» Mostly similar to homeworks» no electronic
More informationSecurity. Contents. S-72.3240 Wireless Personal, Local, Metropolitan, and Wide Area Networks 1
Contents Security requirements Public key cryptography Key agreement/transport schemes Man-in-the-middle attack vulnerability Encryption. digital signature, hash, certification Complete security solutions
More informationComputer Security: Principles and Practice
Computer Security: Principles and Practice Chapter 20 Public-Key Cryptography and Message Authentication First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Public-Key Cryptography
More informationNetwork Security. Computer Networking Lecture 08. March 19, 2012. HKU SPACE Community College. HKU SPACE CC CN Lecture 08 1/23
Network Security Computer Networking Lecture 08 HKU SPACE Community College March 19, 2012 HKU SPACE CC CN Lecture 08 1/23 Outline Introduction Cryptography Algorithms Secret Key Algorithm Message Digest
More informationNetwork Security. Abusayeed Saifullah. CS 5600 Computer Networks. These slides are adapted from Kurose and Ross 8-1
Network Security Abusayeed Saifullah CS 5600 Computer Networks These slides are adapted from Kurose and Ross 8-1 Public Key Cryptography symmetric key crypto v requires sender, receiver know shared secret
More informationCRYPTOGRAPHY IN NETWORK SECURITY
ELE548 Research Essays CRYPTOGRAPHY IN NETWORK SECURITY AUTHOR: SHENGLI LI INSTRUCTOR: DR. JIEN-CHUNG LO Date: March 5, 1999 Computer network brings lots of great benefits and convenience to us. We can
More information7! Cryptographic Techniques! A Brief Introduction
7! Cryptographic Techniques! A Brief Introduction 7.1! Introduction to Cryptography! 7.2! Symmetric Encryption! 7.3! Asymmetric (Public-Key) Encryption! 7.4! Digital Signatures! 7.5! Public Key Infrastructures
More informationCryptography and Network Security
Cryptography and Network Security Fifth Edition by William Stallings Chapter 9 Public Key Cryptography and RSA Private-Key Cryptography traditional private/secret/single key cryptography uses one key shared
More informationNotes on Network Security Prof. Hemant K. Soni
Chapter 9 Public Key Cryptography and RSA Private-Key Cryptography traditional private/secret/single key cryptography uses one key shared by both sender and receiver if this key is disclosed communications
More informationNetwork Security. Chapter 2 Basics 2.2 Public Key Cryptography. Public Key Cryptography. Public Key Cryptography
Chair for Network Architectures and Services Department of Informatics TU München Prof. Carle Encryption/Decryption using Public Key Cryptography Network Security Chapter 2 Basics 2.2 Public Key Cryptography
More informationPublic Key (asymmetric) Cryptography
Public-Key Cryptography UNIVERSITA DEGLI STUDI DI PARMA Dipartimento di Ingegneria dell Informazione Public Key (asymmetric) Cryptography Luca Veltri (mail.to: luca.veltri@unipr.it) Course of Network Security,
More informationPublic Key Cryptography and RSA. Review: Number Theory Basics
Public Key Cryptography and RSA Murat Kantarcioglu Based on Prof. Ninghui Li s Slides Review: Number Theory Basics Definition An integer n > 1 is called a prime number if its positive divisors are 1 and
More informationDigital Signatures. Meka N.L.Sneha. Indiana State University. nmeka@sycamores.indstate.edu. October 2015
Digital Signatures Meka N.L.Sneha Indiana State University nmeka@sycamores.indstate.edu October 2015 1 Introduction Digital Signatures are the most trusted way to get documents signed online. A digital
More informationSecure Sockets Layer (SSL ) / Transport Layer Security (TLS) Network Security Products S31213
Secure Sockets Layer (SSL ) / Transport Layer Security (TLS) Network Security Products S31213 UNCLASSIFIED Example http ://www. greatstuf f. com Wants credit card number ^ Look at lock on browser Use https
More informationRSA Attacks. By Abdulaziz Alrasheed and Fatima
RSA Attacks By Abdulaziz Alrasheed and Fatima 1 Introduction Invented by Ron Rivest, Adi Shamir, and Len Adleman [1], the RSA cryptosystem was first revealed in the August 1977 issue of Scientific American.
More informationAn Introduction to Cryptography as Applied to the Smart Grid
An Introduction to Cryptography as Applied to the Smart Grid Jacques Benoit, Cooper Power Systems Western Power Delivery Automation Conference Spokane, Washington March 2011 Agenda > Introduction > Symmetric
More informationIs Your SSL Website and Mobile App Really Secure?
Is Your SSL Website and Mobile App Really Secure? Agenda What is SSL / TLS SSL Vulnerabilities PC/Server Mobile Advice to the Public Hong Kong Computer Emergency Response Team Coordination Centre 香 港 電
More informationSECURITY IN NETWORKS
SECURITY IN NETWORKS GOALS Understand principles of network security: Cryptography and its many uses beyond confidentiality Authentication Message integrity Security in practice: Security in application,
More informationOverview of Cryptographic Tools for Data Security. Murat Kantarcioglu
UT DALLAS Erik Jonsson School of Engineering & Computer Science Overview of Cryptographic Tools for Data Security Murat Kantarcioglu Pag. 1 Purdue University Cryptographic Primitives We will discuss the
More informationFinal Exam. IT 4823 Information Security Administration. Rescheduling Final Exams. Kerberos. Idea. Ticket
IT 4823 Information Security Administration Public Key Encryption Revisited April 5 Notice: This session is being recorded. Lecture slides prepared by Dr Lawrie Brown for Computer Security: Principles
More informationCSCE 465 Computer & Network Security
CSCE 465 Computer & Network Security Instructor: Dr. Guofei Gu http://courses.cse.tamu.edu/guofei/csce465/ Public Key Cryptogrophy 1 Roadmap Introduction RSA Diffie-Hellman Key Exchange Public key and
More informationMathematics of Internet Security. Keeping Eve The Eavesdropper Away From Your Credit Card Information
The : Keeping Eve The Eavesdropper Away From Your Credit Card Information Department of Mathematics North Dakota State University 16 September 2010 Science Cafe Introduction Disclaimer: is not an internet
More informationImplementation of Elliptic Curve Digital Signature Algorithm
Implementation of Elliptic Curve Digital Signature Algorithm Aqeel Khalique Kuldip Singh Sandeep Sood Department of Electronics & Computer Engineering, Indian Institute of Technology Roorkee Roorkee, India
More informationNetwork Security. Gaurav Naik Gus Anderson. College of Engineering. Drexel University, Philadelphia, PA. Drexel University. College of Engineering
Network Security Gaurav Naik Gus Anderson, Philadelphia, PA Lectures on Network Security Feb 12 (Today!): Public Key Crypto, Hash Functions, Digital Signatures, and the Public Key Infrastructure Feb 14:
More informationLecture 9: Application of Cryptography
Lecture topics Cryptography basics Using SSL to secure communication links in J2EE programs Programmatic use of cryptography in Java Cryptography basics Encryption Transformation of data into a form that
More informationNetwork Security [2] Plain text Encryption algorithm Public and private key pair Cipher text Decryption algorithm. See next slide
Network Security [2] Public Key Encryption Also used in message authentication & key distribution Based on mathematical algorithms, not only on operations over bit patterns (as conventional) => much overhead
More informationCryptography and Network Security Chapter 9
Cryptography and Network Security Chapter 9 Fifth Edition by William Stallings Lecture slides by Lawrie Brown (with edits by RHB) Chapter 9 Public Key Cryptography and RSA Every Egyptian received two names,
More informationElements of Applied Cryptography Public key encryption
Network Security Elements of Applied Cryptography Public key encryption Public key cryptosystem RSA and the factorization problem RSA in practice Other asymmetric ciphers Asymmetric Encryption Scheme Let
More informationSavitribai Phule Pune University
Savitribai Phule Pune University Centre for Information and Network Security Course: Introduction to Cyber Security / Information Security Module : Pre-requisites in Information and Network Security Chapter
More informationCryptography and Network Security Chapter 10
Cryptography and Network Security Chapter 10 Fifth Edition by William Stallings Lecture slides by Lawrie Brown (with edits by RHB) Chapter 10 Other Public Key Cryptosystems Amongst the tribes of Central
More informationReview of methods for secret sharing in cloud computing
Review of methods for secret sharing in cloud computing Dnyaneshwar Supe Amit Srivastav Dr. Rajesh S. Prasad Abstract:- Cloud computing provides various IT services. Many companies especially those who
More informationLecture Note 5 PUBLIC-KEY CRYPTOGRAPHY. Sourav Mukhopadhyay
Lecture Note 5 PUBLIC-KEY CRYPTOGRAPHY Sourav Mukhopadhyay Cryptography and Network Security - MA61027 Modern/Public-key cryptography started in 1976 with the publication of the following paper. W. Diffie
More informationHow To Encrypt Data With Encryption
USING ENCRYPTION TO PROTECT SENSITIVE INFORMATION Commonwealth Office of Technology Security Month Seminars Alternate Title? Boy, am I surprised. The Entrust guy who has mentioned PKI during every Security
More informationWhite Paper. Enhancing Website Security with Algorithm Agility
ENHANCING WEBSITE SECURITY WITH ALGORITHM AGILITY White Paper Enhancing Website Security with Algorithm Agility Enhancing Website Security with Algorithm Agility Contents Introduction 3 Encryption Today
More informationInstallation and usage of SSL certificates: Your guide to getting it right
Installation and usage of SSL certificates: Your guide to getting it right So, you ve bought your SSL Certificate(s). Buying your certificate is only the first of many steps involved in securing your website.
More informationIntroduction to Cryptography
Introduction to Cryptography Part 3: real world applications Jean-Sébastien Coron January 2007 Public-key encryption BOB ALICE Insecure M E C C D channel M Alice s public-key Alice s private-key Authentication
More informationPublic Key Cryptography. c Eli Biham - March 30, 2011 258 Public Key Cryptography
Public Key Cryptography c Eli Biham - March 30, 2011 258 Public Key Cryptography Key Exchange All the ciphers mentioned previously require keys known a-priori to all the users, before they can encrypt
More informationSECURITY IMPROVMENTS TO THE DIFFIE-HELLMAN SCHEMES
www.arpapress.com/volumes/vol8issue1/ijrras_8_1_10.pdf SECURITY IMPROVMENTS TO THE DIFFIE-HELLMAN SCHEMES Malek Jakob Kakish Amman Arab University, Department of Computer Information Systems, P.O.Box 2234,
More informationOverview of CSS SSL. SSL Cryptography Overview CHAPTER
CHAPTER 1 Secure Sockets Layer (SSL) is an application-level protocol that provides encryption technology for the Internet, ensuring secure transactions such as the transmission of credit card numbers
More informationA New Efficient Digital Signature Scheme Algorithm based on Block cipher
IOSR Journal of Computer Engineering (IOSRJCE) ISSN: 2278-0661, ISBN: 2278-8727Volume 7, Issue 1 (Nov. - Dec. 2012), PP 47-52 A New Efficient Digital Signature Scheme Algorithm based on Block cipher 1
More informationCIS 6930 Emerging Topics in Network Security. Topic 2. Network Security Primitives
CIS 6930 Emerging Topics in Network Security Topic 2. Network Security Primitives 1 Outline Absolute basics Encryption/Decryption; Digital signatures; D-H key exchange; Hash functions; Application of hash
More informationIT Networks & Security CERT Luncheon Series: Cryptography
IT Networks & Security CERT Luncheon Series: Cryptography Presented by Addam Schroll, IT Security & Privacy Analyst 1 Outline History Terms & Definitions Symmetric and Asymmetric Algorithms Hashing PKI
More informationChapter 11 Security+ Guide to Network Security Fundamentals, Third Edition Basic Cryptography
Chapter 11 Security+ Guide to Network Security Fundamentals, Third Edition Basic Cryptography What Is Steganography? Steganography Process of hiding the existence of the data within another file Example:
More informationShor s algorithm and secret sharing
Shor s algorithm and secret sharing Libor Nentvich: QC 23 April 2007: Shor s algorithm and secret sharing 1/41 Goals: 1 To explain why the factoring is important. 2 To describe the oldest and most successful
More informationCS 758: Cryptography / Network Security
CS 758: Cryptography / Network Security offered in the Fall Semester, 2003, by Doug Stinson my office: DC 3122 my email address: dstinson@uwaterloo.ca my web page: http://cacr.math.uwaterloo.ca/~dstinson/index.html
More informationA Novel Approach to combine Public-key encryption with Symmetric-key encryption
Volume 1, No. 4, June 2012 ISSN 2278-1080 The International Journal of Computer Science & Applications (TIJCSA) RESEARCH PAPER Available Online at http://www.journalofcomputerscience.com/ A Novel Approach
More informationSPC5-CRYP-LIB. SPC5 Software Cryptography Library. Description. Features. SHA-512 Random engine based on DRBG-AES-128
SPC5 Software Cryptography Library Data brief SHA-512 Random engine based on DRBG-AES-128 RSA signature functions with PKCS#1v1.5 ECC (Elliptic Curve Cryptography): Key generation Scalar multiplication
More informationThe Factoring Dead Preparing for the Cryptopocalypse
The Factoring Dead Preparing for the Cryptopocalypse Thomas Ptacek, Matasano Tom Ritter, isec Partners Javed Samuel, isec Partners Alex Stamos, Artemis Internet Agenda Introduction The Math New Advances
More information, ) I Transport Layer Security
Secure Sockets Layer (SSL, ) I Transport Layer Security _ + (TLS) Network Security Products S31213 UNCLASSIFIED Location of SSL -L Protocols TCP Ethernet IP SSL Header Encrypted SSL data= HTTP " Independent
More informationNetwork Security. Abusayeed Saifullah. CS 5600 Computer Networks. These slides are adapted from Kurose and Ross 8-1
Network Security Abusayeed Saifullah CS 5600 Computer Networks These slides are adapted from Kurose and Ross 8-1 Goals v understand principles of network security: cryptography and its many uses beyond
More informationOutline. Computer Science 418. Digital Signatures: Observations. Digital Signatures: Definition. Definition 1 (Digital signature) Digital Signatures
Outline Computer Science 418 Digital Signatures Mike Jacobson Department of Computer Science University of Calgary Week 12 1 Digital Signatures 2 Signatures via Public Key Cryptosystems 3 Provable 4 Mike
More informationNetwork Security. Security Attacks. Normal flow: Interruption: 孫 宏 民 hmsun@cs.nthu.edu.tw Phone: 03-5742968 國 立 清 華 大 學 資 訊 工 程 系 資 訊 安 全 實 驗 室
Network Security 孫 宏 民 hmsun@cs.nthu.edu.tw Phone: 03-5742968 國 立 清 華 大 學 資 訊 工 程 系 資 訊 安 全 實 驗 室 Security Attacks Normal flow: sender receiver Interruption: Information source Information destination
More informationChapter 10. Network Security
Chapter 10 Network Security 10.1. Chapter 10: Outline 10.1 INTRODUCTION 10.2 CONFIDENTIALITY 10.3 OTHER ASPECTS OF SECURITY 10.4 INTERNET SECURITY 10.5 FIREWALLS 10.2 Chapter 10: Objective We introduce
More informationSafeguarding Data Using Encryption. Matthew Scholl & Andrew Regenscheid Computer Security Division, ITL, NIST
Safeguarding Data Using Encryption Matthew Scholl & Andrew Regenscheid Computer Security Division, ITL, NIST What is Cryptography? Cryptography: The discipline that embodies principles, means, and methods
More information[SMO-SFO-ICO-PE-046-GU-
Presentation This module contains all the SSL definitions. See also the SSL Security Guidance Introduction The package SSL is a static library which implements an API to use the dynamic SSL library. It
More informationPrinciples of Public Key Cryptography. Applications of Public Key Cryptography. Security in Public Key Algorithms
Principles of Public Key Cryptography Chapter : Security Techniques Background Secret Key Cryptography Public Key Cryptography Hash Functions Authentication Chapter : Security on Network and Transport
More informationFIPS 140-2 Non- Proprietary Security Policy. McAfee SIEM Cryptographic Module, Version 1.0
FIPS 40-2 Non- Proprietary Security Policy McAfee SIEM Cryptographic Module, Version.0 Document Version.4 December 2, 203 Document Version.4 McAfee Page of 6 Prepared For: Prepared By: McAfee, Inc. 282
More informationSoftware Implementation of Gong-Harn Public-key Cryptosystem and Analysis
Software Implementation of Gong-Harn Public-key Cryptosystem and Analysis by Susana Sin A thesis presented to the University of Waterloo in fulfilment of the thesis requirement for the degree of Master
More informationSecure Key Exchange for Cloud Environment Using Cellular Automata with Triple-DES and Error-Detection
Secure Key Exchange for Cloud Environment Using Cellular Automata with Triple-DES and Error-Detection Govinda.K 1, Sathiyamoorthy.E *2, Surbhit Agarwal 3 # SCSE,VIT University Vellore,India 1 kgovinda@vit.ac.in
More informationSSL Handshake Analysis
SSL Handshake Analysis Computer Measurement Group Webinar Nalini Elkins Inside Products, Inc. nalini.elkins@insidethestack.com Inside Products, Inc. (831) 659-8360 www.insidethestack.com www.ipproblemfinders.com
More informationRSA BSAFE. Crypto-C Micro Edition for MFP SW Platform (psos) Security Policy. Version 3.0.0.1, 3.0.0.2 October 22, 2012
RSA BSAFE Crypto-C Micro Edition for MFP SW Platform (psos) Security Policy Version 3.0.0.1, 3.0.0.2 October 22, 2012 Strong encryption technology for C/C++ developers Contact Information See our Web sites
More informationChapter 7: Network security
Chapter 7: Network security Foundations: what is security? cryptography authentication message integrity key distribution and certification Security in practice: application layer: secure e-mail transport
More informationA SOFTWARE COMPARISON OF RSA AND ECC
International Journal Of Computer Science And Applications Vol. 2, No. 1, April / May 29 ISSN: 974-13 A SOFTWARE COMPARISON OF RSA AND ECC Vivek B. Kute Lecturer. CSE Department, SVPCET, Nagpur 9975549138
More informationLecture 6 - Cryptography
Lecture 6 - Cryptography CSE497b - Spring 2007 Introduction Computer and Network Security Professor Jaeger www.cse.psu.edu/~tjaeger/cse497b-s07 Question 2 Setup: Assume you and I don t know anything about
More informationSymmetric Key cryptosystem
SFWR C03: Computer Networks and Computer Security Mar 8-11 200 Lecturer: Kartik Krishnan Lectures 22-2 Symmetric Key cryptosystem Symmetric encryption, also referred to as conventional encryption or single
More informationChapter 7 Transport-Level Security
Cryptography and Network Security Chapter 7 Transport-Level Security Lectured by Nguyễn Đức Thái Outline Web Security Issues Security Socket Layer (SSL) Transport Layer Security (TLS) HTTPS Secure Shell
More informationBit Chat: A Peer-to-Peer Instant Messenger
Bit Chat: A Peer-to-Peer Instant Messenger Shreyas Zare shreyas@technitium.com https://technitium.com December 20, 2015 Abstract. Bit Chat is a peer-to-peer instant messaging concept, allowing one-to-one
More informationSecure Socket Layer. Introduction Overview of SSL What SSL is Useful For
Secure Socket Layer Secure Socket Layer Introduction Overview of SSL What SSL is Useful For Introduction Secure Socket Layer (SSL) Industry-standard method for protecting web communications. - Data encryption
More informationTable of Contents. Bibliografische Informationen http://d-nb.info/996514864. digitalisiert durch
1 Introduction to Cryptography and Data Security 1 1.1 Overview of Cryptology (and This Book) 2 1.2 Symmetric Cryptography 4 1.2.1 Basics 4 1.2.2 Simple Symmetric Encryption: The Substitution Cipher...
More informationCS 348: Computer Networks. - Security; 30 th - 31 st Oct 2012. Instructor: Sridhar Iyer IIT Bombay
CS 348: Computer Networks - Security; 30 th - 31 st Oct 2012 Instructor: Sridhar Iyer IIT Bombay Network security Security Plan (RFC 2196) Identify assets Determine threats Perform risk analysis Implement
More informationConnected from everywhere. Cryptelo completely protects your data. Data transmitted to the server. Data sharing (both files and directory structure)
Cryptelo Drive Cryptelo Drive is a virtual drive, where your most sensitive data can be stored. Protect documents, contracts, business know-how, or photographs - in short, anything that must be kept safe.
More informationTransport Level Security
Transport Level Security Overview Raj Jain Washington University in Saint Louis Saint Louis, MO 63130 Jain@cse.wustl.edu Audio/Video recordings of this lecture are available at: http://www.cse.wustl.edu/~jain/cse571-14/
More informationSome solutions commonly used in order to guarantee a certain level of safety and security are:
1. SSL UNICAPT32 1.1 Introduction The following introduction contains large excerpts from the «TCP/IP Tutorial and Technical Overview IBM Redbook. Readers already familiar with SSL may directly go to section
More informationThe science of encryption: prime numbers and mod n arithmetic
The science of encryption: prime numbers and mod n arithmetic Go check your e-mail. You ll notice that the webpage address starts with https://. The s at the end stands for secure meaning that a process
More informationSoftware Tool for Implementing RSA Algorithm
Software Tool for Implementing RSA Algorithm Adriana Borodzhieva, Plamen Manoilov Rousse University Angel Kanchev, Rousse, Bulgaria Abstract: RSA is one of the most-common used algorithms for public-key
More informationCryptography and Network Security Sicurezza delle reti e dei sistemi informatici SSL/TSL
Cryptography and Network Security Sicurezza delle reti e dei sistemi informatici SSL/TSL Security architecture and protocol stack Applicat. (SHTTP) SSL/TLS TCP IPSEC IP Secure applications: PGP, SHTTP,
More informationApplied Cryptography Public Key Algorithms
Applied Cryptography Public Key Algorithms Sape J. Mullender Huygens Systems Research Laboratory Universiteit Twente Enschede 1 Public Key Cryptography Independently invented by Whitfield Diffie & Martin
More informationPGP (Pretty Good Privacy) INTRODUCTION ZHONG ZHAO
PGP (Pretty Good Privacy) INTRODUCTION ZHONG ZHAO In The Next 15 Minutes, You May Know What is PGP? Why using PGP? What can it do? How did it evolve? How does it work? How to work it? What s its limitation?
More informationDigital Certificates (Public Key Infrastructure) Reshma Afshar Indiana State University
Digital Certificates (Public Key Infrastructure) Reshma Afshar Indiana State University October 2015 1 List of Figures Contents 1 Introduction 1 2 History 2 3 Public Key Infrastructure (PKI) 3 3.1 Certificate
More informationComputer Networks 1 (Mạng Máy Tính 1) Lectured by: Dr. Phạm Trần Vũ MEng. Nguyễn CaoĐạt
Computer Networks 1 (Mạng Máy Tính 1) Lectured by: Dr. Phạm Trần Vũ MEng. Nguyễn CaoĐạt 1 Lecture 11: Network Security Reference: Chapter 8 - Computer Networks, Andrew S. Tanenbaum, 4th Edition, Prentice
More informationSecurity in Computer Networks
Security in Computer Networks Raj Jain Washington University in Saint Louis Saint Louis, MO 63130 Jain@wustl.edu Audio/Video recordings of this lecture are available on-line at: http://www.cse.wustl.edu/~jain/cse473-10/
More informationAsymetrical keys. Alices computer generates a key pair. A public key: XYZ123345 (Used to encrypt) A secret key: ABC98765 (Used to decrypt)
Encryption keys Symmetrical keys Same key used for encryption and decryption Exchange of symmetrical keys between parties difficult without risk of interception Asymmetrical keys One key for encryption
More informationSecure Socket Layer (SSL) and Transport Layer Security (TLS)
Secure Socket Layer (SSL) and Transport Layer Security (TLS) Raj Jain Washington University in Saint Louis Saint Louis, MO 63130 Jain@cse.wustl.edu Audio/Video recordings of this lecture are available
More informationA Survey of the Elliptic Curve Integrated Encryption Scheme
JOURNAL OF COMPUTER SCIENCE AND ENGINEERING, VOLUME, ISSUE, AUGUST 010 A Survey of the Elliptic Curve Integrated Encryption Scheme 7 V. Gayoso Martínez, L. Hernández Encinas, and C. Sánchez Ávila Abstract
More informationCPSC 467b: Cryptography and Computer Security
CPSC 467b: Cryptography and Computer Security Michael J. Fischer Lecture 1 January 9, 2012 CPSC 467b, Lecture 1 1/22 Course Overview Symmetric Cryptography CPSC 467b, Lecture 1 2/22 Course Overview CPSC
More informationNational Security Agency Perspective on Key Management
National Security Agency Perspective on Key Management IEEE Key Management Summit 5 May 2010 Petrina Gillman Information Assurance (IA) Infrastructure Development & Operations Technical Director National
More informationCSCI-E46: Applied Network Security. Class 1: Introduction Cryptography Primer 1/26/16 CSCI-E46: APPLIED NETWORK SECURITY, SPRING 2016 1
CSCI-E46: Applied Network Security Class 1: Introduction Cryptography Primer 1/26/16 CSCI-E46: APPLIED NETWORK SECURITY, SPRING 2016 1 Welcome to CSCI-E46 Classroom & Schedule 53 Church Street L01 Wednesdays,
More informationAn Efficient Data Security in Cloud Computing Using the RSA Encryption Process Algorithm
An Efficient Data Security in Cloud Computing Using the RSA Encryption Process Algorithm V.Masthanamma 1,G.Lakshmi Preya 2 UG Scholar, Department of Information Technology, Saveetha School of Engineering
More informationCrypTool. www.cryptool.de www.cryptool.com www.cryptool.org. Claudia Eckert / Thorsten Clausius Bernd Esslinger / Jörg Schneider / Henrik Koy
CrypTool A free software program for creating awareness of IT security issues for learning about and obtaining experience of cryptography for demonstrating encryption algorithms and analysis procedures
More informationTransitions: Recommendation for Transitioning the Use of Cryptographic Algorithms and Key Lengths
NIST Special Publication 800-131A Transitions: Recommendation for Transitioning the Use of Cryptographic Algorithms and Key Lengths Elaine Barker and Allen Roginsky Computer Security Division Information
More informationCryptography: Authentication, Blind Signatures, and Digital Cash
Cryptography: Authentication, Blind Signatures, and Digital Cash Rebecca Bellovin 1 Introduction One of the most exciting ideas in cryptography in the past few decades, with the widest array of applications,
More informationOverview. SSL Cryptography Overview CHAPTER 1
CHAPTER 1 Note The information in this chapter applies to both the ACE module and the ACE appliance unless otherwise noted. The features in this chapter apply to IPv4 and IPv6 unless otherwise noted. Secure
More informationSecurity Protocols HTTPS/ DNSSEC TLS. Internet (IPSEC) Network (802.1x) Application (HTTP,DNS) Transport (TCP/UDP) Transport (TCP/UDP) Internet (IP)
Security Protocols Security Protocols Necessary to communicate securely across untrusted network Provide integrity, confidentiality, authenticity of communications Based on previously discussed cryptographic
More information2014 IBM Corporation
2014 IBM Corporation This is the 27 th Q&A event prepared by the IBM License Metric Tool Central Team (ICT) Currently we focus on version 9.x of IBM License Metric Tool (ILMT) The content of today s session
More informationProperties of Secure Network Communication
Properties of Secure Network Communication Secrecy: Only the sender and intended receiver should be able to understand the contents of the transmitted message. Because eavesdroppers may intercept the message,
More information159.334 Computer Networks. Network Security 1. Professor Richard Harris School of Engineering and Advanced Technology
Network Security 1 Professor Richard Harris School of Engineering and Advanced Technology Presentation Outline Overview of Identification and Authentication The importance of identification and Authentication
More information